A strong link/weak link and exclusion zone nuclear detonation mechanism is a type of safety mechanism employed in the arming and

firing mechanism A trigger is a mechanism that actuates the function of a ranged weapon such as a firearm, airgun, crossbow, or speargun. The word may also be used to describe a switch that initiates the operation of other non-shooting devices such as a trap, ...

s of modern

nuclear weapon A nuclear weapon is an explosive device that derives its destructive force from nuclear reactions, either fission (fission bomb) or a combination of fission and fusion reactions ( thermonuclear bomb), producing a nuclear explosion. Both bom ...

s. The safety mechanism starts by enclosing the electronics and mechanical components used to arm and fire the nuclear weapon with a mechanical and electrical isolation barrier, the ''energy barrier'', which encloses and defines the ''exclusion zone''. This is insulated from mechanical, thermal, and electrical disruptions (such as

static electricity Static electricity is an imbalance of electric charges within or on the surface of a material or between materials. The charge remains until it is able to move away by means of an electric current or electrical discharge. Static electricity is na ...

lightning Lightning is a naturally occurring electrostatic discharge during which two electric charge, electrically charged regions, both in the atmosphere or with one on the land, ground, temporarily neutralize themselves, causing the instantaneous ...

, or

fire Fire is the rapid oxidation of a material (the fuel) in the exothermic chemical process of combustion, releasing heat, light, and various reaction Product (chemistry), products. At a certain point in the combustion reaction, called the ignition ...

). Between the exclusion zone and the actual detonators, a normally-disconnected link mechanism is used, such as a switch which has a built-in motor to activate it. The arming system has to activate the switch in order to connect the firing circuits to the detonators in the weapon. This disconnection, which requires the arming mechanism to operate, is called the ''strong link''. It is possible for an accident (

rocket A rocket (from it, rocchetto, , bobbin/spool) is a vehicle that uses jet propulsion to accelerate without using the surrounding air. A rocket engine produces thrust by reaction to exhaust expelled at high speed. Rocket engines work entirely fr ...

explosion,

airplane crash An aviation accident is defined by the Convention on International Civil Aviation Annex 13 as an occurrence associated with the operation of an aircraft, which takes place from the time any person boards the aircraft with the ''intention of fl ...

, accident while weapon is being moved) to disrupt the weapon and break the integrity of the exclusion zone. As a safety mechanism, a ''weak link'' is also built into the system. This is a set of components designed to fail at lower stresses (thermal, mechanical, and electrical) than the strong links, and will prevent signals from the strong links from reaching the detonators. The weak link acts to break the connection to the detonators before the strong link could be disrupted and fail by the stress of an accident: by the time the strong links fail, the weapon has already been rendered permanently inoperable. Strong links and the following weak links are intentionally co-located, so that they will experience similar environmental conditions. The following table summarises the effects of failure modes in the strong and weak links:

Strong links

Strong links, at least in US nuclear weapons, are always implemented as electro-mechanical systems such as motor-driven switches. There are two main requirements: when functional, never to allow an invalid signals to penetrate the energy barrier, and never to fail in a way that ''can'' pass a signal though the barrier ''before'' the weak links inside the exclusion zone have also failed. The MC2935 and MC2969 devices were two similar devices based on a rotary solenoid, acting, respectively, as "trajectory" (passing a signal only when a missile's physical movement indicated a correct launch) and "intent" (signalling that a detonation is desired by the operator) strong links. The Mechanical Safing and Arming Device (MSAD) strong link device used a small pellet of sensitive high explosive to trigger a larger charge of insensitive high explosive. Normally, the pellet was held away from the main charge, and was physically moved into position only when the strong link was activated by a valid input and detonated by a mechanical "slapper". The MSAD also contained a weak link: the pellet would burn or explode harmlessly in a fire when it was not in position, and the insensitive explosives could not then be detonated at all. Multiple strong links could be used in series, which, when properly designed, multiplies the safety factor.. The B61 nuclear bomb, for example, gated the trajectory strong link behind the intent strong link. Until the correct intent unique signal was sent, the trajectory unique signal would not even be presented to the trajectory strong link inputs.

Unique signals

Strong links implement a mechanism where only a single, unique form of energy may enter the exclusion zone. This energy is encoded as a ''unique signal'': a sequence of "events" which must occur in a precise and preset pattern for the link to activate. This pattern is specifically designed to be extremely unlikely to occur by chance. The pattern is checked for validity by a

discriminator In distributed computing, a discriminator is a typed tag field present in OMG IDL discriminated union type and value definitions that determines which union member is selected in the current union instance. Unlike in some conventional programm ...

. In some devices, known as single-try discriminators, an incorrect event pattern leads to the device becoming inoperable: the weapon cannot then be reset and fired remotely. "Multiple-try" discriminators could be reset remotely. A single-try strong link might have an event sequence of 24 events, whereas a multiple-try device would have more: the MC2969 had 47.. Unique signal patterns were always the same for a given strong link discriminator, and were not secret or classified: they were designed only for safety purposes and not security.. Each strong link had a different signal, so as to avoid the possibility of

common mode failure Common and special causes are the two distinct origins of variation in a process, as defined in the statistical thinking and methods of Walter A. Shewhart and W. Edwards Deming. Briefly, "common causes", also called natural patterns, are the ...

. Unique signals were used, because it was recognised that it was impossible to fully isolate the strong link from any and all electrical sources in an "abnormal environment" (such as a disintegrating aircraft). By encoding the only valid signal as a unique pattern of information, the safety principle of "incompatibility" was introduced: the signal is "incompatible" with all other electrical energy because the information that makes up a unique signal is not present in any other components (such as signal buffers or storage). Therefore the channel over which the UQS is transmitted does not need to be proven to have a safe response. Only the signal generator and the strong link need to be proven to have safe behaviour until such time as the weak links render the weapon inert.. Critically for maintaining this safety, the strong link discriminator must be the ''only'' place in the entire system where "decisions" are made, and the transmission channel must never be permitted to retain knowledge of events, handle multiple events at once or re-order events. That may permit a single action to generate multiple signal events. Additionally, all events must be processed identically: to do otherwise constitutes pre-storage of knowledge of the UQS and biases the channel, Events may be sent or received in any format (e.g. digitally, as voltage levels, mechanically, etc) as long as these conditions were met; format translation is also permitted as long as the translators transmits each event before processing the next one. Unique signals were usually encoded as sequences of binary data (though strictly the data did not have to binary, it was deemed that the longer sequence was outweighed by the simpler implementations). Unique signals were carefully designed to have statistical properties extremely unlikely to exist unintentionally, and were also designed to be transmitted not only electrically via voltage or

pulse-width modulation Pulse-width modulation (PWM), or pulse-duration modulation (PDM), is a method of reducing the average power delivered by an electrical signal, by effectively chopping it up into discrete parts. The average value of voltage (and current) fed ...

, but also mechanically (e.g. a push-pull rod), optically or pneumatically. Events are described alphabetically, rather than numerically (e.g. 0 and 1), to avoid confusion with specific physical signals; a two-event sequence would have "A" and "B" events. Examples of statistical weaknesses that undermine safety properties include sequence symmetry, periodicity, repeated events, imbalances between events (event-wise balance: almost equal numbers of "A" and "B" events), imbalances between pairs (pair-wise balance: "AA", "AB", "BA" and "BB" should be almost equal in occurrence) and correlations with ''other'' unique signals (as this would permit events from a different UQS to bias this one).

Testing signals

SAND-80-1268 - CM-458-U Signal Comparator - Figure 1 - Unique signal sequence

Testing and training signals that would ever be transmitted to a weapon were also carefully chosen to be statistically ''weak'' unique signals, which would still also test the integrity of the signal transmission system. This was done so that a test signal could never be mistaken for a genuine signal, which would have strong statistical properties. Thus the test signal would be very different and could never be mistaken for the valid UQS. In order to test the unique signal generators, devices such as the CM-458/U Signal Comparator were used (which tested the DCU-201 or DCU-218 Aircraft Controller, which passed the unique signal to the weapon's MC2969 intent strong link), which would check that the signals that would be passed to the strong link were correct. The CM-458, built by Sparton Technology, tested voltages, pulse widths and signal sequence against the fixed sequence for the strong link, and was mounted on the aircraft pylon in order to also test the aircraft wiring.

Weak links

The weak links, which follow the strong links, are designed to fail earlier than the strong links. There are many kinds of weak link, which are sensitive to conditions including thermal, electrical or mechanical problems. Some weak links are dedicated devices inserted into the signal paths that function only as weak links, and others can also be critical parts of the weapon that are designed to become inoperative under certain conditions. An example of a weak link that is sensitive to temperature are the capacitors in the firing set which are charged in order to then discharge to trigger the detonators. These can be deliberately designed to fail when a specific high temperature is reached, which will prevent the firing set from being able to detonate the explosives.

Limitations

These mechanisms do not prevent misuse of the weapon, which is restricted by

Permissive Action Link A permissive action link (PAL) is an access control security device for nuclear weapons. Its purpose is to prevent unauthorized arming or detonation of a nuclear weapon. The United States Department of Defense definition is: The earliest PAL ...

code systems, or an accident from physically causing initiation of the explosives or detonators directly from extremely high temperatures, impact forces, or electrical disturbance such as lightning. The risk of accidental direct detonation is significantly reduced by using

insensitive high explosive Insensitive munitions are munitions that are designed to withstand stimuli representative of severe but credible accidents. The current range of stimuli are shock (from bullets, fragments and shaped charge jets), heat (from fires or adjacent the ...

s such as

TATB TATB, triaminotrinitrobenzene or 2,4,6-triamino-1,3,5-trinitrobenzene is an aromatic explosive, based on the basic six-carbon benzene ring structure with three nitro functional groups (NO2) and three amine (NH2) groups attached, alternating aroun ...

, which is extremely unlikely to detonate due to fire, impact or electricity. While TATB may decompose or burn in a fire, it is extremely unlikely to detonate as a result of that decomposition or burning.

References

{{reflist, refs= {{cite web , url = http://www.cs.columbia.edu/~smb/nsam-160/pal.html , archive-url = https://web.archive.org/web/20220430041502/https://www.cs.columbia.edu/~smb/nsam-160/pal.html , archive-date = 2022-04-30 , title = Permissive Action Links , author = Steven M. Bellovin , author-link = Steven M. Bellovin , access-date = 2007-03-11 {{Citation , last = Elliott , first = Grant , title = US Nuclear Weapon Safety and Control , journal = MIT Program in Science, Technology, and Society , date = 2005-12-12 , access-date = 2022-05-07 , language = English , url = http://web.mit.edu/gelliott/Public/sts.072/paper.pdf , archive-url = https://web.archive.org/web/20120619211922/http://web.mit.edu/gelliott/Public/sts.072/paper.pdf , archive-date = 2012-06-19 Permissive Action Links
Carey Sublette, at the Nuclear Weapon Archive, accessed March 11, 2007 {{citation , title = SAND91-1269: The Unique Signal Concept for Detonation Safety in Nuclear Weapons , publisher =

Sandia National Laboratory Sandia National Laboratories (SNL), also known as Sandia, is one of three research and development laboratories of the United States Department of Energy's National Nuclear Security Administration (NNSA). Headquartered in Kirtland Air Force Bas ...

, department = System Studies Department, 331 , date = 1992-12-01 , access-date = 2022-05-07 , url = https://www.cs.columbia.edu/~smb/nsam-160/sand91-1269.pdf , archive-url = https://web.archive.org/web/20220302105453/https://www.cs.columbia.edu/~smb/nsam-160/sand91-1269.pdf , archive-date = 2022-03-02 {{citation , title = SAND80-1268: CM-458/U Signal Comparator , author1 = Warren G. Merritt , author2 = David Kestly , publisher = Sandia National Laboratories , date = 1980-06-01 , url = https://www.osti.gov/servlets/purl/5375683/ , access-date = 2022-05-09 , doi = 10.2172/5375683 , s2cid = 109627865 {{citation , title = SAND88-2986: Interim Development Report for the B61-6-8 bombs , publisher = Sandia National Laboratories and Los Alamos National Laboratory , date = 1989-05-01 , access-date = 2022-05-09 , url = https://osf.io/g84bs/ {{citation , title = DTIC ADA520718: Nuclear Matters. A Practical Guide , url = https://archive.org/details/DTIC_ADA520718 , year = 2008 , publisher = Defense Technical Information Center {{citation , title = 23rd Aerospace Mechanisms Symposium , publisher =

NASA The National Aeronautics and Space Administration (NASA ) is an independent agency of the US federal government responsible for the civil space program, aeronautics research, and space research. NASA was established in 1958, succeeding t ...